That Shared Tablet Could End Up Costing You Plenty

Posted on May 1st 2014

That Shared Tablet Could End Up Costing You Plenty

ImageConsumers love their tablets. Their big touch screens and extreme portability make them ideal for browsing, apps, email, and a host of other online activities. So it’s not surprising that over half of users say tablets are their favorite device, according to Adobe data.

Unfortunately, tablets are also the favorite device of identity thieves, who love to hack them.

Tablet owners were 80% more likely to be victims of identity fraud than the general public, according to the 2013 Javelin Strategy & Research Identity Fraud Report. Nearly 1 out of every 10 had their identity stolen.

Sharing

Why are tablet owners the top target of identity thieves? One reason is the unique design features of tablets make them perfect for sharing. As a result, families are increasingly using them as communal devices. The 2013 J.D. Power and Associates U.S. Tablet Satisfaction Study found that more than half of tablet owners share their device with at least one other person.

Even more surprising, over three quarters of parents who own tablets (78%) let their kids under age 11 use them at home, according to Nielsen’s 2013 Connected Devices Report. Nearly half (54%) say their children use tablets for educational purposes. But do parents really know what their kids are doing on the family tablet? It’s not likely, if the McAfee Digital Deception Study is any indication. It found that nearly half (46%) of children of all ages (10-23) would change their online behavior if they knew their parents were watching.

Even more alarming, nearly three quarters (74%) of parents admitted they don't have the time or the energy to keep up with everything their child is doing online.

Shopping

Tablets have become the most popular device for shopping on the go. In 2013, they accounted for more than half of all dollars spent on mobile devices, according to Javelin Strategy & Research.

That makes tablet owners especially attractive to hackers looking to steal their sensitive information. Buying when you’re on a public WiFi, or on any unsecure wireless network, is risky business because all of your data can be captured. What’s more, paying to access a WiFi hotspot with your tablet doesn’t mean your connection is any more secure. You may not find out you’re a victim until you check your credit card, bank statement, or your credit report.

BYOD

Thanks to BYOD, tablets are also being widely used to access work-related information because they’re so portable. Almost 70% of those who own a tablet or smartphone use their device to access corporate data, according to Ovum's 2013 Multi-Market BYOX Employee Survey. The risk to users’ information and to their company information goes through the roof when tablets are used to connect to WiFi hotspots.

What tablets owners don’t understand is that, while they can do more than smartphones – making them a better choice for laptop replacement – tablets aren’t any more secure than smartphones. Both tablet and smartphone owners expose themselves to unique risks. According to Javelin’s 2014 Identity Fraud Report, less than half use security software, leaving them open to malicious downloads.

All of these risk factors make tablets juicy targets for hackers. Here’s a typical example of what can happen from Yahoo! Answers:

“Something really weird happened. I was taking photos of my family and all of a sudden my tablet went to the home screen, tried to google search xxxxxxxxxxxxxxxxxrrrrrrrrrrrrrrrrrrrrrrr as if someone was typing it or leaning on a key and then it decided to open up applications, like my notepad and my email, I freaked out so I turned off my wifi and bluetooth and it seems to have stopped, but I just turned off my tablet cause I feared it may have been hacked? I don't have any security on it, which I probably should have. Is this possible?”

Remember, when you share a tablet, you’re not sharing the risk to your family’s online security, you’re increasing it. Here’s what tablet users need to watch out for:

  • Shared PINs/passcodes - Generally tablets aren't like desktops/laptops where each user can have his/her own login, apps, and files. On most mobile devices, there is a single PIN/passcode, unlocking the entire device. This means that every user, including your kids, has the same access to apps and data and settings, introducing risk of unauthorized access to business apps/networks/data on a shared-use device. (There are exceptions: Android 4.2 added a multi-user mode, where each user has his/her own settings and apps and configuration profiles, and iOS 6 added a single-app mode useful for iPads used by people you don't want to have access to all apps or settings.)
  • Shared data - On most tablets, unlocking the device with a PIN/passcode unlocks all data on the device. If Mom and Dad don’t use a data locker or virtual data container in which business data is stored, when they lend their tablet to their child, he’ll be able to snoop at, change, delete, or otherwise put their business data at risk.
  • Shared apps - The usual way to address this risk is to install secure apps that create an authenticated, encrypted virtual environment. (A very common example is the Good for Enterprise email client, which may be required to access enterprise email from your tablet instead of the iOS built-in email client that any user of the iPhone can use to read and send mail.)
  • Shared network settings - If Mom or Dad lends the mobile device to a child, he could potentially have access to the company network when he shouldn't. The solution: A tablet with an installed VPN that tunnels into a company network.
  • Shared environment - Mobile devices that don't isolate users from each other create a shared operating environment in which apps and settings can adversely impact other users. For example, your child increases or removes the inactivity timeout for convenience, leaving the device more at risk if lost/stolen. Or your child installs a game which harbors adware or malware, exposing every user's private information and data. Or your child decides to jailbreak an iOS device or root an Android device to install third-party apps (apps not vetted by Apple or Google).

Mobile devices tend to be very chatty, doing a lot of app/data syncing in the background whenever they're connected to a network. So, when tablets are used by families, and when a child connects to a hotspot using the family device, it may well be connecting to business servers and sending business data without the child doing anything to cause that. If the WiFi hotspot is unsecure – as the vast majority are – or even worse, if the child connects to an Evil Twin, then that auto-sync'd traffic may be put at risk. Your child may just be motivated to get on the Internet quickly and may be more likely to ignore warning signs or choose unknown wireless access points because they're free. That could spell trouble, not only for your family’s tablet and the personal information stored on them, but also for your company’s confidential data.

  • If you have a shared family tablet, make sure you have the most up-to-date operating system version and, where possible, antivirus and anti-malware software. Hackers use sophisticated tools to crack passwords. So only use long strong passwords composed of letters, numbers, and symbols.
  • If you’re thinking of downloading apps to increase your tablet’s functionality, remember that hackers can use bad apps to install malware on your device. So only download apps from trusted sources.
  • Tweak your tablet’s settings so that you have to manually, not automatically, connect to new WiFi networks.
  • Make sure the hotspot you’re connecting to is real, not a fake designed to steal your data. And turn off your WiFi when not in use.
  • Taking your tablet online can expose you to a wide variety of security risks – especially if you’re using a public hotspot instead of your home network. Never expose your sensitive information at hotspots without using VPN software. A Virtual Private Network like PRIVATE WiFi gives you a secure way to surf the Web by encrypting all the data traveling to and from your tablet. That makes it invisible to hackers.
Janice Legnitto

Jan Legnitto

Writer, PRIVATE WiFi

Jan Legnitto is an investigative journalist and TV documentary producer who writes on criminal justice and intelligence issues. She is a frequent contributor PRIVATE WiFi's blog.

See Full Profile >